BSD Commit Log Search

   virtio(4): Allow virtio 0.9 BAR0 type to be memory rather than I/O.

   This matches virtio>=1.0, and can't break working `hardware': any
   existing virtio devices that worked must have reported I/O-type BAR0,
   so they will continue to work; this will only enable previously
   unusable virtio devices, reporting memory-type BAR0, to work.

   Patch from Petri Koistinen.

   PR kern/60247: virtio(4): legacy attach fails when BAR0 is MMIO

   openssl: Disentangle thread-local initialization logic.

   https://github.com/openssl/openssl/issues/31166
   https://github.com/openssl/openssl/pull/31167
   PR lib/60244: openssl 3.5.6 pullup can emit pthread warnings on init

   math/py-numpy: Undo unintentional part of previous commit.

   PR pkg/60256: devel/py-numpy: log1pl workaround no longer works around

   math/py-numpy: Tweak workaround for missing log2l/log1pl/expm1l.

   1. Put it in npy_math.c as needed by _umath_linalg.so.

   2. Limit it to NetBSD<10, since NetBSD>=10 has at least stubs (just
      like this workaround implements, in terms of double functions) if
      not proper long double implementations (NetBSD>=11).

   Fixes:

   >>> import numpy
   ...
   ImportError: /home/riastradh/pkgsrc/current/pkg/lib/python3.11/site-packages/numpy/linalg/_umath_linalg.so: Undefined PLT symbol "log1pl" (symnum = 20)

   PR pkg/60256: devel/py-numpy: log1pl workaround no longer works around

   py-cryptography reqires openssl3, make it so

   PR 60255 by riastradh

   doc: Updated sysutils/lima to 2.1.1

   sysutils/lima: update to version 2.1.1

   The default docker template still does not boot on my NetBSD host, but
   the docker.lima wrapper worked for me just fine when using debian-13
   instead, and installing docker.io there.

   Tested on NetBSD/amd64.

   Changes since version 2.1.0:

   * Binary release:
     - Add Windows artifacts (#4789)
   * macOS guest:
     - Allow unusual range of UID (#4171, thanks to @balajiv113)
   * vz:
     - Honor audio.device=none (#4762, thanks to @BizerNotNull)
   * nerdctl:
     - Update from v2.2.1 to v2.2.2 (#4787)
       . This release of the nerdctl distribution updates BuildKit

    [59 lines not shown]

   fix so that it works out of the box (from RVP)

   Add a missing empty line

   Pullup tickets #7110 and #7111

   Pullup ticket #7111 - requested by morr
   editors/vim: security fix

   Revisions pulled up:
   - editors/vim-share/PLIST                                       1.88
   - editors/vim-share/distinfo                                    1.232-1.233
   - editors/vim-share/patches/patch-feature.h                     1.9
   - editors/vim-share/patches/patch-popupwin.c                    1.4
   - editors/vim-share/patches/patch-vim.h                         1.4
   - editors/vim-share/version.mk                                  1.168-1.169

   ---
      Module Name:    pkgsrc
      Committed By:   morr
      Date:           Wed May  6 20:26:50 UTC 2026

      Modified Files:
              pkgsrc/editors/vim-share: PLIST distinfo version.mk
              pkgsrc/editors/vim-share/patches: patch-feature.h patch-popupwin.c

    [124 lines not shown]

   Pullup ticket #7110 - requested by taca
   graphics/lcms2: security fix

   Revisions pulled up:
   - graphics/lcms2/Makefile                                       1.24
   - graphics/lcms2/distinfo                                       1.17

   ---
      Module Name:      pkgsrc
      Committed By:     wiz
      Date:             Thu Apr 30 05:13:08 UTC 2026

      Modified Files:
        pkgsrc/graphics/lcms2: Makefile distinfo

      Log Message:
      lcms2: update to 2.19.

      All tests pass.

    [67 lines not shown]

   Pullup tickets up to #7109

   Pullup ticket #7104 - requested by taca
   lang/ruby34: security fix

   Revisions pulled up:
   - lang/ruby/rubyversion.mk                                      1.321
   - lang/ruby34/Makefile                                          1.8
   - lang/ruby34/distinfo                                          1.14
   - lang/ruby34/patches/patch-lib_erb.rb                          1.1
   - lang/ruby34/patches/patch-lib_erb_version.rb                  1.1
   - lang/ruby34/patches/patch-test_erb_test__erb.rb               1.1

   ---
      Module Name:      pkgsrc
      Committed By:     taca
      Date:             Wed May  6 05:15:35 UTC 2026

      Modified Files:
        pkgsrc/lang/ruby: rubyversion.mk
        pkgsrc/lang/ruby34: Makefile distinfo

    [10 lines not shown]

   doc: Updated textproc/p5-YAML-Syck to 1.45

   p5-YAML-Syck: update to 1.45.

   1.45 Apr 23 2026

     [Bug Fixes]
     - Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash
       in base64 encode/decode buffers; also plugs a memory leak (PR #189)
     - Fix: clear type tag on blessed scalar alias early-return so the stale
       tag no longer leaks onto the next emitted item (GH #193, PR #194)
     - Fix: negative float#base60 values produce wrong results; strip sign
       before accumulating and avoid negative zero for portable
       stringification (PR #191)
     - Fix: prevent memory leaks when Load/LoadJSON croak on parse errors
       (PR #192)

     [Maintenance]
     - Test: add coverage for SortKeys and JSON MaxDepth (PR #188)
     - Test: add error handling coverage for LoadFile/DumpFile (PR #190)
     - Update README

    [149 lines not shown]

   doc: Updated www/p5-libwww to 6.83

   p5-libwww: update to 6.83.

   6.83      2026-05-12 11:41:48Z
       - LWP::UserAgent now strips Authorization and Proxy-Authorization headers
         on cross-origin redirects (a different scheme, host, or port) to prevent
         credential leakage to the redirect target. Same-origin redirects retain
         credentials. Opt out with allow_credentialed_redirects => 1.
         CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig
         Palmquist.
       - LWP::UserAgent now refuses https to http redirects by default to prevent
         leaking remaining request headers and bodies over plaintext. Opt in with
         allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by
         Stig Palmquist.

   doc: Updated www/cgit to 1.3nb1

   cgit: install man page

   While here, simplify package.

   Bump PKGREVISION.

   Fixes PR 60252.

Update www/cgit: Trying to solve: "pkg/60252: www/cgit: missing cgitrc(5) man page" for learning purposes...

   doc: Updated games/greed to 5.0

   greed: update to 5.0.

   Ported to Rust.

   doc: Updated graphics/lcms2 to 2.19.1

   graphics/lcms2: Update to 2.19.1

   This is a bugfix release.

   Note that one can use cmake, but upstream has not yet declared that to
   be the official build system, so decline to switch.  (As usual, the
   autoconf build works fine.)

py-gguf: add GITHUB_PROJECT

py-transformers: depends py-setuptools and py-matruin

py-tokenizers: depends py-maturin

py-sphinxcontrib-svg2pdfconverter: drop python311

py-backports.tarfile: depends py-setuptools